<?php
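// Stop unless IN_D_ADMIN is defined. The constant is not defined in this file;
// presumably the admin front controller sets it before including this script.
// NOTE(review): die() prints "Error 404" but sends no 404 status code.
if (!defined('IN_D_ADMIN')) die("Error 404");

// Target of the meta-refresh redirects issued after add/edit/delete.
$edit_url = 'index.php?act=news&mode=edit';

// Both ids are later interpolated into SQL strings, so accept plain decimal
// digits only. is_numeric() also accepted floats, exponents, signs and leading
// whitespace ("1.5", "1e3", "-2", " 7"), none of which is a valid row id.
// is_string() rejects array input such as ?news_id[]=1. An absent, empty or
// "0" id keeps the original '' sentinel that the branches below test against.
$news_id = (!empty($_GET['news_id']) && is_string($_GET['news_id']) && preg_match('/\A[0-9]+\z/', $_GET['news_id']))
	? $_GET['news_id']
	: '';
$news_del_id = (!empty($_GET['news_del_id']) && is_string($_GET['news_del_id']) && preg_match('/\A[0-9]+\z/', $_GET['news_del_id']))
	? $_GET['news_del_id']
	: '';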
// Field map handed to $form->checkForm(), $form->createSQL() and
// $form->createForm() below. Entry order is kept as-is.
//   'table'        - despite the name, this is used as a column key: the edit
//                    branch pre-fills each field from $r[$arr['table']].
//   'name'         - label taken from the $lang_acp language array.
//   'type'         - interpreted by the form helper, whose code is not visible
//                    here; the values are passed through untouched.
//   'can_be_empty' - presumably tells checkForm() whether a blank value is an
//                    error (confirm against the form class). 'cat' sets none.
$inp_arr = array(
	'news' => array(
		'table'        => 'news_name',
		'name'         => $lang_acp['news'],
		'type'         => 'free',
		'can_be_empty' => false,
	),
	'news_writer' => array(
		'table'        => 'news_writer',
		'name'         => $lang_acp['news_writer'],
		'type'         => 'free',
		'can_be_empty' => true,
	),
	'cat' => array(
		'table' => 'news_cat',
		'name'  => $lang_acp['cat'],
		'type'  => 'function::acp_cat::number',
	),
	'news_info' => array(
		'table'        => 'news_info',
		'name'         => $lang_acp['info'],
		'type'         => 'text',
		'can_be_empty' => false,
	),
	// 'value' is filled in just before the INSERT/UPDATE with the lower-cased
	// ASCII form of the news title.
	'news_ascii' => array(
		'table'            => 'news_name_ascii',
		'type'             => 'hidden_value',
		'value'            => '',
		'change_on_update' => true,
	),
	'news_focus' => array(
		'table'        => 'news_focus',
		'name'         => $lang_acp['focus_news'],
		'type'         => 'free',
		'can_be_empty' => true,
	),
	// Submit button; its POST key is what the add/edit branches test for.
	'bt_submit_news' => array(
		'type' => 'change_bt',
	),
);

// Validation errors from checkForm(); stays empty until a form is submitted.
$error_arr = array();
##################################################
# ADD NEWS
##################################################
// Add-news flow: check the 'add_news' permission, validate the submitted form,
// insert the row and redirect; otherwise (first visit or validation errors)
// render the form. Every path through this branch ends the request.
// NOTE(review): no anti-CSRF token is checked in the visible code; confirm
// whether acp_check_permission() or the including script enforces one.
if ($mode == 'add') {
	acp_check_permission('add_news');
	if (!empty($_POST['bt_submit_news'])) {
		$error_arr = $form->checkForm($inp_arr);
		if (empty($error_arr)) {
			// NOTE(review): $news is not assigned in the visible code; presumably
			// checkForm() or the including script populates it. The edit branch
			// reads $_POST['news'] for the same purpose; confirm both agree.
			$inp_arr['news_ascii']['value'] = strtolower($func->utf8_to_ascii($news));
			$sql = $form->createSQL(array('INSERT',$conf['prefix'].'news'),$inp_arr);
			// SECURITY(review): eval() compiles $sql as PHP source inside a
			// double-quoted literal, so any `"`, `$` or `{$` in the string
			// createSQL() returns is treated as code or interpolation, not data.
			// createSQL() is not visible here: confirm that no request value can
			// reach $sql unescaped. Prefer having createSQL() return finished SQL
			// (or bound parameters) and calling $DB->query() without eval().
			eval('$DB->query("'.$sql.'");');
			// Confirmation message plus a 1-second meta refresh to the edit list.
			echo $lang_acp['added']." <meta http-equiv='refresh' content='1;url=$edit_url'>";
			exit();
		}
	}
	// $warn is not read again in this file; presumably the form helper or a
	// template consumes it. TODO confirm.
	$warn = $form->getWarnString($error_arr);
		$form->createForm($lang_acp['add_news'],$inp_arr,$error_arr);
	exit();
}
##################################################
# EDIT NEWS
##################################################
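// Edit-mode dispatcher. Exactly one of four paths runs:
//   1. ?news_del_id=N     - confirm, then delete a single item ('del_news')
//   2. POST 'do'          - bulk action on the ticked rows (only 'del' exists)
//   3. ?news_id=N         - show or process the edit form ('edit_news')
//   4. none of the above  - paginated list with the bulk-action form
// NOTE(review): the state-changing POSTs (single delete, bulk delete, edit)
// check no anti-CSRF token in the visible code; confirm whether
// acp_check_permission() or the including script enforces one.
if ($mode == 'edit') {
	if ($news_del_id>0) {
		acp_check_permission('del_news');
		if (!empty($_POST['submit'])) {
			// Fixed: the query used $multi_del_id, which is not assigned anywhere
			// in the visible code, so the confirmed delete matched news_id = ''
			// and removed nothing. $news_del_id is the id validated at the top
			// of the script and tested by this branch.
			$DB->query("DELETE FROM ".$conf['prefix']."news WHERE news_id = '".$news_del_id."'");
			echo $lang_acp['deleted']." <meta http-equiv='refresh' content='1;url=".$edit_url."'>";
			exit();
		}
		?>
		<form method="post"><?=$lang_acp['ask_u_del']?> ??????<br><input value="<?=$lang_acp['yes']?>" name=submit type=submit class=submit></form>
		<?php
	}
	elseif (!empty($_POST['do'])) {
		// The ticked ids arrive straight from the request and are joined into an
		// IN (...) list, so keep only plain digit strings. The original imploded
		// $_POST['checkbox'] unfiltered, letting a crafted value rewrite the
		// DELETE, and called count() on it even when it was not an array.
		$arr = array();
		if (isset($_POST['checkbox']) && is_array($_POST['checkbox'])) {
			foreach ($_POST['checkbox'] as $checked_id) {
				if (is_string($checked_id) && preg_match('/\A[0-9]+\z/', $checked_id)) $arr[] = $checked_id;
			}
		}
		if (!count($arr)) die($lang_acp['error']);
		if (isset($_POST['selected_option']) && $_POST['selected_option'] === 'del') {
			acp_check_permission('del_news');
			$in_sql = implode(',',$arr);
			$DB->query("DELETE FROM ".$conf['prefix']."news WHERE news_id IN (".$in_sql.")");
			echo $lang_acp['deleted']." <meta http-equiv='refresh' content='1;url=".$edit_url."'>";
		}
	}
	elseif ($news_id) {
		acp_check_permission('edit_news');
		if (empty($_POST['bt_submit_news'])) {
			// $news_id passed the numeric check at the top of the script, so it
			// cannot close the quoted literal it is placed in.
			$q = $DB->query("SELECT * FROM ".$conf['prefix']."news WHERE news_id = '".$news_id."'");
			$r = $DB->fetch_row($q);
			// Pre-fill the form: each field key becomes a global variable of the
			// same name ($news, $news_writer, ...) holding the stored column.
			// The keys come from the fixed $inp_arr, not from the request. '@'
			// hides the notices for entries without a 'table' key and for a
			// missing row.
			foreach ($inp_arr as $key=>$arr) @$$key = $r[$arr['table']];
		}
		else {
			$error_arr = $form->checkForm($inp_arr);
			if (empty($error_arr)) {
				$inp_arr['news_ascii']['value'] = strtolower($func->utf8_to_ascii($_POST['news']));
				$sql = $form->createSQL(array('UPDATE',$conf['prefix'].'news','news_id','news_id'),$inp_arr);
				// SECURITY(review): eval() compiles $sql as PHP source inside a
				// double-quoted literal, so any `"`, `$` or `{$` in the string
				// createSQL() returns is treated as code or interpolation, not
				// data. createSQL() is not visible here: confirm that no request
				// value can reach $sql unescaped, and prefer calling $DB->query()
				// on finished SQL (or bound parameters) without eval().
				eval('$DB->query("'.$sql.'");');
				echo $lang_acp['edited']." <meta http-equiv='refresh' content='1;url=".$edit_url."'>";
				exit();
			}
		}

		// $warn is not read again in this file; presumably the form helper or a
		// template consumes it. TODO confirm.
		$warn = $form->getWarnString($error_arr);
		$form->createForm($lang_acp['edit_news'],$inp_arr,$error_arr);
	}
	else {
		acp_check_permission('edit_news');
		$m_per_page = 3;
		// $pg is set outside this file. Clamp it to a positive integer so the
		// LIMIT offset below can never go negative or be non-numeric.
		$pg = empty($pg) ? 1 : max(1, (int)$pg);
		$q = $DB->query("SELECT * FROM ".$conf['prefix']."news ORDER BY news_name ASC LIMIT ".(($pg-1)*$m_per_page).",".$m_per_page);
		// The second query is used only for its row count (pager total).
		$q_tt = $DB->query("SELECT * FROM ".$conf['prefix']."news ORDER BY news_name");
		$tt = $DB->num_rows($q_tt);

		if ($tt>0) {
			// NOTE(review): $link is defined outside this file and is echoed
			// unescaped into inline JS and an unquoted form action; confirm it
			// cannot carry request-controlled text.
			echo "{$lang_acp['id_news']} <b>{$lang_acp['edit']}</b>: <input id=news_id size=20> <input type=button onclick='window.location.href = \"".$link."&news_id=\"+document.getElementById(\"news_id\").value;' value={$lang_acp['edit']}><br><br>";
			echo "{$lang_acp['id_news']} <b>{$lang_acp['del']}</b>: <input id=news_del_id size=20> <input type=button onclick='window.location.href = \"".$link."&news_del_id=\"+document.getElementById(\"news_del_id\").value;' value={$lang_acp['del']}><br><br>";
			// Fixed: the size attribute was missing its '='.
			echo "Search <input type=\"text\" id=\"key_search\" size=\"30\"> <input type=\"button\" name=\"search_button\" onclick=\"return search_news();\" value='Search'><br><div id=\"show_result_search\"></div><br><br>";
			echo "<script>function docheckall(){
		   for ( i=0;i < document.news_list.elements.length ; i++ ){
				 if ( document.news_list.chkall.checked==true ){
					  document.news_list.elements[i].checked = true;
				 } else {
					  document.news_list.elements[i].checked  = false;
				 }
		   }
  }</script>";
			echo "<table width=90% align=center cellpadding=2 cellspacing=0 class=border><form name=news_list method=post action=$link onSubmit=\"return check_checkbox();\">";
			echo "<tr align=center><td width=3%><input class=checkbox type=checkbox name=chkall id=chkall onclick=docheckall(); ></td><td class=title width=50%>{$lang_acp['news']}</td><td class=title>{$lang_acp['img']}</td></tr>";
			while ($r = $DB->fetch_row($q)) {
				// The id goes into an unquoted attribute and a URL, so force an int.
				$id = (int)$r['news_id'];
				// Stored titles and image URLs are echoed into HTML, so escape them
				// for that context (stored XSS in the admin list otherwise).
				// double_encode=false leaves values that were already stored
				// entity-encoded unchanged. Assumes the panel is served as UTF-8
				// (confirm).
				$news_name = htmlspecialchars($r['news_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
				if (!empty($conf['img_thumb']) && !empty($r['news_local_img']))
					$img = $conf['web_url']."/".$conf['img_thumb']."/".$r['news_local_img'];
				else
					$img = $func->unhtmlchars($r['news_img']);

				// The src attribute is now quoted and escaped; the decoded URL was
				// previously written into an unquoted attribute.
				$image = ($img)?"<img src=\"".htmlspecialchars($img, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false)."\" width=50 height=50>":'';
				echo "<tr><td><input class=checkbox type=checkbox id=checkbox name=checkbox[] value=$id></td><td class=fr><b><a href=?act=news&mode=edit&news_id=".$id.">".$news_name."</a></b></td><td class=fr_2 align=center>".$image."</td></tr>";
			}
			echo "<tr><td colspan=3>".admin_viewpages($tt,$m_per_page,$pg)."</td></tr>";
			// Fixed: the <select> was never closed before the submit button.
			echo '<tr><td colspan=3 align="center">'.$lang_acp['with_news_selected'].' : '.
				'<select name=selected_option><option value=del>'.$lang_acp['del'].'</option></select>'.
				'<input type="submit" name="do" class=submit value="'.$lang_acp['do'].'"></td></tr>';
			echo '</form></table>';
		}
		else echo $lang_acp['not_exist_news'];
	}
}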
?>